WhatsApp hacking is an issue of national cybersecurity: IT Ministry

Security researchers uncover advanced hacking group targeting MikroTik routers in Africa and Middle East.

WhatsApp hacking is an issue of national cybersecurity: IT Ministry

May 19  |  By SysEthics  

Facebook-owned WhatsApp was recently hit by a spyware which affected a small portion of its user base. The spyware was spreading with a suspicious WhatsApp call. The Indian government has reached out to the company seeking clarification. The government is actively tracking complaints originating out of the use of WhatsApp platform with the Department of Telecom or DoT launching a channel to report abuse on WhatsApp.


The government officials from the Ministry of Electronics and Information Technology (MeitY) have written to WhatsApp seeking information on how many Indian users were affected and the exact details of the vulnerability. The government is calling this an issue of national cybersecurity and wants to know about the measures that Facebook deployed to address this issue. Facebook claims that only a small amount of people got affected by this vulnerability.


The spyware affected user devices, camera, microphone, and even the keyboard. WhatsApp's end-to-end encryption which protects messages has not been effective. The spyware also records the device keystrokes. According to reports, the spyware has affected WhatsApp versions on Android, iOS, and Windows Phone.


The bug was created using a spyware called Pegasus, which is created by an Israeli cybersecurity firm called NSO Group. The software was also used in the past to spy over Washington Post reporter Jamal Khashoggi. The NSO Group develops software products to help government intelligence, and law enforcement agencies.

Indian government's notice to WhatsApp comes as no surprise. Facebook doesn't enjoy a good relationship with the Indian governments. Indian government had asked WhatsApp to track the kidnapping video that went viral on the platform last year. WhatsApp denied the request claiming that it will implement safeguards to ensure that such incidents won't repeat in future. The company claims that end-to-end encryption is designed to protect user's data and it cannot be broken.